From 1c5d3368a0ec42023357c6496c76d599e736a333 Mon Sep 17 00:00:00 2001 From: wizjany Date: Mon, 11 Mar 2019 20:37:35 -0400 Subject: [PATCH] Defer permissions check when making LocalSession. Also use Java7 Paths to get rid of some funky logic. --- .../main/java/com/sk89q/worldedit/WorldEdit.java | 16 ++++++++-------- .../sk89q/worldedit/session/SessionManager.java | 13 ++++++------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/worldedit-core/src/main/java/com/sk89q/worldedit/WorldEdit.java b/worldedit-core/src/main/java/com/sk89q/worldedit/WorldEdit.java index be68eff6e..8dbd65389 100644 --- a/worldedit-core/src/main/java/com/sk89q/worldedit/WorldEdit.java +++ b/worldedit-core/src/main/java/com/sk89q/worldedit/WorldEdit.java @@ -68,6 +68,8 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; +import java.nio.file.Path; +import java.nio.file.Paths; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -279,19 +281,17 @@ public final class WorldEdit { } try { - String filePath = f.getCanonicalPath(); - String dirPath = dir.getCanonicalPath(); + Path filePath = Paths.get(f.toURI()).normalize(); + Path dirPath = Paths.get(dir.toURI()).normalize(); - if ((filePath.length() < dirPath.length() || !filePath.substring(0, dirPath.length()).equals(dirPath)) - && !getConfiguration().allowSymlinks) { - throw new FilenameResolutionException(filename, - "Path is outside allowable root"); + if (!filePath.startsWith(dirPath) + || (!getConfiguration().allowSymlinks && !filePath.toRealPath().startsWith(dirPath))) { + throw new FilenameResolutionException(filename, "Path is outside allowable root"); } return f; } catch (IOException e) { - throw new FilenameResolutionException(filename, - "Failed to resolve path"); + throw new FilenameResolutionException(filename, "Failed to resolve path"); } } diff --git a/worldedit-core/src/main/java/com/sk89q/worldedit/session/SessionManager.java b/worldedit-core/src/main/java/com/sk89q/worldedit/session/SessionManager.java index 1da0c58cc..a1dd4d60a 100644 --- a/worldedit-core/src/main/java/com/sk89q/worldedit/session/SessionManager.java +++ b/worldedit-core/src/main/java/com/sk89q/worldedit/session/SessionManager.java @@ -162,12 +162,10 @@ public class SessionManager { sessions.put(getKey(owner), new SessionHolder(sessionKey, session)); } - if (shouldBoundLimit(owner.hasPermission("worldedit.limit.unrestricted"), - session.getBlockChangeLimit(), config.maxChangeLimit)) { + if (shouldBoundLimit(owner, "worldedit.limit.unrestricted", session.getBlockChangeLimit(), config.maxChangeLimit)) { session.setBlockChangeLimit(config.maxChangeLimit); } - if (shouldBoundLimit(owner.hasPermission("worldedit.timeout.unrestricted"), - session.getTimeout(), config.maxCalculationTimeout)) { + if (shouldBoundLimit(owner, "worldedit.timeout.unrestricted", session.getTimeout(), config.maxCalculationTimeout)) { session.setTimeout(config.maxCalculationTimeout); } @@ -181,9 +179,10 @@ public class SessionManager { return session; } - private boolean shouldBoundLimit(boolean mayBypass, int currentLimit, int maxLimit) { - if (!mayBypass && maxLimit > -1) { // if player can't bypass and max is finite - return currentLimit < 0 || currentLimit > maxLimit; // make sure current is finite and less than max + private boolean shouldBoundLimit(SessionOwner owner, String permission, int currentLimit, int maxLimit) { + if (maxLimit > -1) { // if max is finite + return (currentLimit < 0 || currentLimit > maxLimit) // make sure current is finite and less than max + && !owner.hasPermission(permission); // unless user has unlimited permission } return false; }